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About This Guide 


This document contains information on the following: 


+ Chapter 1, “Overview,” on page 7 

+ Chapter 2, “Accessing the Novell SecureLogin Client Utility,” on page 11 
+ Chapter 3, “Automating Logging In to Applications,” on page 13 

+ Chapter 4, “Creating Login Credentials,” on page 27 

+ Chapter 5, “Changing Preferences,” on page 33 

+ Chapter 6, “Managing Your Passwords,” on page 41 

+ Chapter 7, “Managing Information Cache,” on page 47 

+ Chapter 8, “Managing the Passphrase,” on page 53 


Audience 


This guide is intended for the end users of Novell SecureLogin. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comments feature at the bottom of each page of the 
online documentation, or go to the Novell Feedback Web site (http://www.novell.com/ 
documentation/feedback.html) and enter your comments there. 


Documentation Updates 


For the most recent version of the Novell SecureLogin 7.0 User Guide, visit the Novell Documentation 
Web site (http://www.novell.com/documentation/securelogin70/index.html). 


Additional Documentation 


For documentation on other Novell SecureLogin documentation, see the Novell SecureLogin 
Documentation Web site (http://www.novell.com/documentation/securelogin70). 


The other documents available with this release of Novell SecureLogin are: 


* Getting Started 

+ About This Guide 

+ Novell SecureLogin Overview Guide 
+ Installation 

+ Novell SecureLogin Installation Guide 
+ Administration 


+ Novell SecureLogin Administration Guide 


About This Guide 


+ Novell SecureLogin Application Definition Wizard Administration Guide 
+ Novell SecureLogin Citrix and Terminal Services Guide 
+ pcProx Guide 
+ End User 
+ Novell SecureLogin User Guide 
+ Reference 


+ Novell SecureLogin Application Definition Guide 


Documentation Conventions 


In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and 
items in a cross-reference path. 
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1.1 


1.1.1 


Overview 


Novell SecureLogin is a Single Sign-on (SSO) product. It eliminates the necessitv for users to 
remember multiple usernames and passwords. It stores usernames and passwords and automatically 
retrieves them for users when required. 


Novell SecureLogin consists of multiple, integrated securitv svstems that provide authentication and 
single sign-on to networks and applications. 


Novell SecureLogin has wizards, an iManager plug-in, and tools that make it easv to centrallv 
configure for use on the corporate network. 


It supports usernames, passwords, and multi-factor authentication such as smart cards, tokens, or 
biometrics at the network and application levels. 


In this document, we take a menu-oriented approach in explaining how to use the Novell 
SecureLogin Client Utilitv to customize Novell SecureLogin to vour preferences and requirements. 


Management Utilities 


Novell SecureLogin has two management utilities: 


+ Section 1.1.1, “Administrative Manage Utilities,” on page 7 


+ Section 1.1.2, “The Novell SecureLogin Client Utility,” on page 9 


Administrative Manage Utilities 


Administrators use the Administrative Management utilities: iManager SSO plug-in, SecureLogin 
Manager, and Active Directory Computer Users and Snap Ins to define the settings and preferences 
of Novell SecureLogin for use by the end users. 
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Figure 1-1 iManager: One of the Administrative Management Utilities 
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@ Manage SecureLogin SSO 


Specifv the objectis) to modify. 


Object name: (see list) 


1.1.2 


Figure 1-2 The SecureLogin Management 
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The Novell SecureLogin Client Utility 


You can use the Novell SecureLogin Client Utility to customize the Novell SecureLogin to suit your 
requirements. For example, you can set your own passphrase question and answer, and set your own 


password policies. 


Figure 1-3 The Novell SecureLogin Client Utility 
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Accessing the Novell SecureLogin Client 
Utility 


The Novell SecureLogin Client Utility is represented by an icon in the notification area (system 
trav). 


To launch Novell SecureLogin: 


1 Click Start > Programs > Novell SecureLogin. 


After you successfully launch the Novell SecureLogin, the © appears in the notification area. 
Double-click this icon to launch the Novell SecureLogin Client Utility. 
This icon is a shortcut the Novell SecureLogin functionality on your workstation. 


1 Right-click the Novell SecureLogin icon in the notification area. 
2 Select the task you want to perform. 


For example, select Add Applications to add, delete, and manage the applications. 


Figure 2-1 The Advanced Preferences 


Add Application 


Manage Logins 

New Login 
Change reference 
Change Passphrase | po 

N 
Refresh Cache E A 
: About 

Backup User Information 
Restore User Information Log Off User 


Work Offiine Close 


The following table provides information on the tasks available in the menu. If a task does not 
appear in the menu, your administrator has not enabled this functionality for you. 

Option Description 

Add Application Starts the Add Applications wizard. Enables an 


application for single-sign on by creating a script 
that automates the login. 
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Option 


Manage Logins 


New Login 


Advanced > Change Preferences 


Advanced > Change Passphrase 


Advanced > Refresh Cache 


Advanced > Backup User Information 


Advanced > Restore User Information 


Advanced > Work Online | Offline 


Active 


About 


Log User Off Windows 


Close 
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Description 


Launches the Novell SecureLogin Novell 
SecureLogin Client Utility. 


Adds login IDs (login credentials), links login IDs to 
applications, manages password policies, and 
manages Novell SecureLogin settings. 


Enables vou to create multiple single sign-ons or 
login IDs for an application. For example, if vou 
have three accounts on the same application, 
SecureLogin manages the three sets of credentials. 


SecureLogin provides the option to select the 
preferred account when the application starts. 


Opens the Novell SecureLogin Client Utility, with the 
Preferences option selected. 


Enables you to change your passphrase question or 
passphrase answer. 


Refreshes the local cache settings and updates 
caches with any changes made at the associated 
container or organizational unit level. 


Backs up the Novell SecureLogin user information 
into a file. 


Restores Novell SecureLogin information from the 
backup file. 


Toggles between the online and offline states of 
SecureLogin. When you work offline, SecureLogin 
uses the local (secondary) cache rather than the 
directory. 


This option is not displayed in Standalone mode 


Determines whether SecureLogin is enabled 
(active) or disabled. 


Displays the SecureLogin version number and the 
status of the data stores. The primary data store is 
the directory. The secondary is the local cache. 


Enables you to shut down all programs, including 
SecureLogin, and log out from the workstation. 
Performs the same function as the Shut Down > 
Log Off option on the Windows Start menu. 


Shuts down SecureLogin. 


3.1 


Automating Logging In to Applications 


An application definition is a set of instructions telling Novell SecureLogin how to handle the login 
for a certain application. SecureLogin uses application definitions to automatically log you in to 
Windows, Web, or Java applications. Novell SecureLogin has predefined application definitions for 
some of the applications. You can use the Application Definition Wizard to create new application 
definitions. 


The wizard captures and stores your login name (username), password, and any other information 
required for authentication. 


You can also write your own application definitions. However, we recommend that you use the 
Application Definition Wizard to create your application definition. 


SecureLogin stores all application definitions in a secure encrypted cache on your computer and in 
the corporate directory. 

+ Section 3.1, 'Responding to Pop-Up Prompts,' on page 13 

+ Section 3.2, “Predefined Application Definitions,” on page 14 


+ Section 3.3, “Enabling an Application for Single Sign-On Using a Predefined Application 
Definition,” on page 15 


+ Section 3.4, “Using the Default Selections,” on page 17 


+ Section 3.5, “Using the Novell SecureLogin Client Utility to Enable Applications for Single Sign- 
on,” on page 18 


+ Section 3.6, “Using a New Application Definition to Enable Applications for Single Sign-on,' on 
page 20 


+ Section 3.7, “Changing the Name of an Application Definition,” on page 21 
+ Section 3.8, “Modifying an Application Definition,” on page 21 
+ Section 3.9, “Deleting an Application Definition,” on page 25 


Responding to Pop-Up Prompts 


After Novell SecureLogin is installed on your desktop, Novell SecureLogin watches for applications 
that are not enabled for single sign-on. Upon detecting such an application, Novell SecureLogin 
prompts you to use a wizard to enable those applications for single sign-on and thereby simplify 
future logins. 


If Novell SecureLogin detects an login screen on an application, it presents the following dialog box. 
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3.2 


3.2.1 


Figure 3-1 Prompt to Enable for Single Sign-On 


e Do you want to single sign enable the screen? 


+ Yes, I want to single sign using the default selections done by the wizard. 
+ Yes, I want to single sign enable the screen using the wizard. 
+ Cancel, I do not want to single sign this screen at this time. 


+ No, Never prompt me to single sign this screen. 


Select one of the following options: 


+ I want to single sign using the default selections done by the wizard: Select I want to single 


sign using the default selections done by the wizard option to create an application definition using 
the default settings. 


Through the default settings, you can create an application definition to handle the username 
and password fields and submit button identified by the Wizard. 


I want to single sign enable the screen suing the wizard: If Novell SecureLogin detects more 
than two text fields or one button in a login dialog box, select I want to single sign enable the screen 
using the wizard (Recommended) option. Through this you can review the fields identified by the 
Wizard, confirm that correct fields are selected and button are identified. 


I do not want to single sign this screen at this time: Select I do not want to single sign this screen 
at this time if you do not want to enable an application for single sign-on at an instance. 


Never prompt me to single sign this screen: Select Never prompt me to single sign this screen if 
you do not want to enable an application for single sign-on. You are not be prompted to enable 
the application for single sign-on, again. 


Predefined Application Definitions 


SecureLogin has predefined application definitions to automatically capture and store login 
credentials for many common applications. 


If a predefined application definition does not exist for your favorite application you, use Application 
Definition Wizard to create a new application definition to capture and store your logon credentials, 
along with any other information required for authentication. For details on using the Application 
Definition Wizard, see the 


Windows Applications 


Some of the predefined application definitions for Windows applications include: 


+ 401K Web Login 

¢ ActiveSync 

+ AOL Instant Messenge 
+ Cisco VPN 
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3.2.2 


3.3 


3.3.1 


+ Citrix Program Neighborhood 

+ Citrix Program Neighborhood Agent 
+ Lotus Notes v5 and v6.5 

+ Microsoft Outlook 

+ Microsoft Outlook Express 


Web Applications 


Some of the predefined application definitions for Web applications are: 


+ Amazon.com 

+ eBay 

+ Hotmail 

+ QANTAS Frequent Flyer 
+ CNN Member Services 


+ Monster.com 


Enabling an Application for Single Sign-On Using a 
Predefined Application Definition 


The procedure to use a predefined application definition to enable an application definition is the 
same for all Web, Windows, and Java applications. 
1 Launch an application. 
If a predefined application definition exists for that application, Novell SecureLogin 
automatically detects the application definition. 
The SecureLogin dialog box is displayed. 
2 Select I want to single sign the screen using the predefined application definition. 


SecureLogin identifies the application and displays the name of the application in the prompt. 


3 You are prompted to specify the credentials for the application. Specify the username, password, 


and any other information required. 
4 Click OK. 
SecureLogin saves your credentials and uses them to log in to the application. 


The next time you launch the application, you are not prompted for username and password. 
Novell SecureLogin provides this. 


Enabling Single Sign-On for Novell WebAccess 


The following example demonstrates enabling single sign-on for a Novell WebAccess. SecureLogin 
provides a predefined application for Novell WebAccess. 


This procedure assumes that you already have a GroupWise account. 


1 Launch Novell WebAccess. 
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A predefined application definition exists for Novell WebAccess. Novell SecureLogin detects the 
application and the SecureLogin dialog box is displayed. 


LS SecureLogin has detected a password field on this screen 


Window Title: Novell WebAccess Show me 


Application URL gmail.novell.com 


e Do you want to single sign enable the screen? 


Yes, I want to use the predefined application definition. 
Novell GroupWise V7.0 Web Login 


$ Yes, I want to single sign enable the screen using the wizard. 
+ Cancel, I do not want to single sign this screen at this time. 


+ No, Never prompt me to single sign this screen. 


2 Select I want to single sign the screen using the predefined application definition. Novell GroupWise 
Messenger V7.0 Web Login. 


Another enhancement to the Wizard in this release is that it detects the name of the application 
and displays it. In this example, Novell SecureLogin identifies that you are creating an 
application definition for Novell GroupWise WebAccess and it displays the name. 


The Enter your GroupWise information dialog box is displayed. 
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3.4 


3 Specify your Username and password, then click OK. 


"Enter your credentials 
f™ Novell . 
* SecureLogin, N 


Please enter you Group Wise information. 


Novell SecureLogin saves the credentials and uses them to log in to your GroupWise WebAccess 
account. 


To test the application definition, log out and log in. If the application is defined correctly with the 
correct credentials, you are logged in successfully. If your login is not successful, delete the 
application definition and repeat the above steps. You might also need to review the application 
definition for completeness of event responses and errors. 


Using the Default Selections 


1 Launch the Web application for which you want to enable single sign-on. 


2 Novell SecureLogin detects the application and prompts you to enable single sign-on. 


Figure 3-2 Prompt to Enable for Single Sign-on 


Do you want to single sign enable the screen? 


+ Yes, I want to single sign using the default selections done by the wizard. 
+ Yes, I want to single sign enable the screen using the wizard. 
+ Cancel, I do not want to single sign this screen at this time. 


+ No, Never prompt me to single sign this screen. 


3 Select Yes, I want to single sign using the default selections done by the wizard. 


4 The Enter your Credentials dialog box is displayed. 
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3.5 


"Enter your credentials Ex 
f™ Novell l 
* SecureLogin. N 


Please edit your login variables. 


sad | 


Password: 


5 Specify your credentials, then click OK. 


Novell SecureLogin saves your credentials in the directory. The next time you launch the 
application, SecureLogin provides the credentials for you. 


Using the Novell SecureLogin Client Utility to Enable 
Applications for Single Sign-on 


You can enable an application for single sign-on through the Novell SecureLogin Client Utility as 
well as through the Application Definition Wizard. 


1 Double-click the Novell SecureLogin icon in the notification area. This launches the Novell 


SecureLogin Client Utility with the Application menu selected. 


2 Click Jen] Alternatively, select File > New > Application. The New Application dialog box 


appears. 
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New Application 


b Logon 


3 From the Predefined Application Definition list, select the appropriate application definition. 


4 Click OK. Details of the selected application appear. 


5 On the Details page, specify the username and password of the application. 


Y Novell SSO 


X Novell SecureLogin, 


r5] Java 

fa Web 

fA Windows 
FI ActiveSync 
E) AOL Instant Messenger 
E) GroupWise Password 


E https: /finnerweb.novell.. 
E) Microsoft Networking Clie 


E) Microsoft Outlook 
E Novell Bugzilla 


E Novell GroupWise Messer 


E Novell iFolder v2x 
FI test 
E) Yahoo! Messenger 
+ Q My Logins 
d) Preferences 


$j lli | 


Application - "Yahoo! Messenger" 
Details (Definition | Settings | 


CR Yahoo! Messenger (Windows) 
YPAGER.EXE 


Credentials 
$a) New Delete 


B Y H 


Èj Show passwords 


6 (Optional) Click the Settings tab and define your preferences. 
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7 Click Apply to apply the new login details. 
8 Click OK to save and exit. 


3.6 Using a New Application Definition to Enable Applications 
for Single Sign-on 


1 Double-click the Novell SecureLogin icon in the notification area. This launches the Novell 
SecureLogin Client Utility with the Application menu selected. 


2 Click Alternatively, select File > New > Application. The New Application dialog box 
appears. 


3 Select New Application Definition. 


New Application 


4 From the Type drop-down list, select the type of application. 
You can select: 
+ Windows 
+ Terminal Launcher 
¢ Startup 
+ Java 
+ Generic 
Advanced Web 
Web wizard Script 


+ 


+ 
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NOTE: For Flash application, select type as Windows. Use Flash Window finder tool to read the 
title of the application and provide the same in the EXE text box. 


5 Specify other details such as the name, the URL, executable, and description as required. 
6 Click OK. 


You have successfully added an application. You now need to specify the credentials for the 
application. 


7 From the Application navigation tree on the left pane, select the application you created. 
8 Specify the username and password of the application. 
9 (Optional) Specify the application definition of this application. 

10 (Optional) Change the default settings to suit your requirements. 

11 Click Apply. Your applications details are added to Novell SecureLogin. 

12 Click OK to save and exit. 


3.7 Changing the Name of an Application Definition 


1 Double-click the Novell SecureLogin icon in the notification area. 


2 Inthe Application navigation area on the left panel, select the application you want to modify. 


3 Click . The Edit dialog box appears. 


Edit details for "NOVELL: Login” 


Name (kie: 88 Kos 0 


N avelenn ss—‘—sCS™ 


4 Make the required changes. You can modify the name, ID, and type of the application. 
5 Click OK. The changes are saved. 


3.8 Modifying an Application Definition 


This section provides information on modifying the application definitions created using the 
Application Definition Wizard introduced in Novell SecureLogin 7.0. You can use the Application 
Definition Wizard to add or modify the definition, add notifications for password change and login 
notifications. 


NOTE: Predefined application definitions cannot be edited using the Application Definition Wizard. 
You must edit them manually. To know more about editing the application definitions manually, 
refer the Novell SecureLogin Application Definition Guide. 


You can modify the Application Definition Wizard in one of the following ways: 
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3.8.1 Modifving through the Application Definition Wizard 


1 Double-click the Novell SecureLogin icon on the notification area. 


The Application Definition Wizard opens displaying a list of application enabled for single sign- 
on. 


W Novell SSO - [cn=writer,o=novell] 


Applications 


& | New Delete 


Application Type Id 
Citrix Program Neighborhood Agent Windows PNAGENT.EXE 
Meditech Windows vmagic.exe 
Microsoft SQL Windows isqlw.exe 
Microsoft Windows Live ID Web Wizard Script live.com 
Yahoo! Mail: The best web-based e... Generic Wizard login. yahoo.com 


2 From the Applications pane, select the application deviation you want to modify. 


3 Click the Definition tab. 


Application - "iexplore.exe - Yahoo! Mail: The best web-based..." 


i 


S =] Logon 
=) Yahoo! Mail: The best web-based... 
E & Logon Notification 
(B New Logon Notification Form 
(fi) Change Password 
Change Password Notification 
Other 


Ca) Coms] ( | 


4 Select Edit Wizard. The attributes pane opens enabling you to edit the application definition. 
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Bnew ~| Xx 
E T iexplore.exe - Yahoo! Mail: The best wet : l s 
o [E] Logon (B) SecureLogin needs to identify the logon screen for this application. You can choose or 
© Yahoo! Mail: The best web-basel Re 
E & Logon Notification 
(B New Logon Notification Form 


U Change Password 
Change Password Notification Choose the logon screen for this application 


Other 


Drag the Choose icon onto the logon screen. 


This SecureLogin window will move behind all other 
windows while you select the target screen. 


Screen Title Yahoo! Mail: The best web-based... 


L œx JU ar Jl cent) 


5 Make the changes. 
Each of the attributes are explained in detailed in the earlier section. 
6 Click Apply and OK to save and exit. 


3.8.2 Modifying through the Manage Logins Menu 


1 Right the Novell SecureLogin icon on the notification area, then select Manage Logins. 
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The administrative management utility displays a list of applications that are already enabled 
for single sign-on. 


Ẹ Novell SSO - [cn=writer,o=novell] 


Applications 
$5) New a Delete 


Application = | Type Li — 

Citrix Program Neighborhood Agent Windows PNAGENT.EXE 
Meditech Windows vmagic.exe 
Microsoft SQL Windows isqlw.exe 
Microsoft Windows Live ID Web Wizard Script live.com 

Yahoo! Mail: The best web-based e... Generic Wizard login. yahoo.com 


2 From the Applications pane, select the application deviation you want to modify. 
3 Click the Definition tab. 


S) (e) Logon 
FI Yahoo! Mail: The best web-based... 
E € Logon Notification 
(B New Logon Notification Form 
[A] Change Password 
Change Password Notification 
Other 


Convert To Application Definition || Edit Wizard 


LJ Lea) | arr 


4 Select Edit Wizard. The attributes pane opens enabling you to edit the application definition. 
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Bnew ~| Xx 
E T iexplore.exe - Yahoo! Mail: The best wet : l : 
o [E] Logon (B) SecureLogin needs to identify the logon screen for this application. You can choose or 
E Yahoo! Mall: The best web-base! Be TS 
E & Logon Notification 
(B New Logon Notification Form 


Change Password 
Boss Password Notification Choose the logon screen for this application 


Other 


Drag the Choose icon onto the logon screen. 


This SecureLogin window will move behind all other 
windows while vou select the target screen. 


Screen Title Yahoo! Mail: The best web-based... 


4 m 


Help Test 


There are incomplete screen attributes that require more information 


5 Make the changes. 
Refer the Novell SecureLogin Application Definition Wizard Administration Guide 
6 Click Apply and OK to save and exit. 


3.9 Deleting an Application Definition 


1 Double-click the Novell SecureLogin icon in the notification area. 
2 Inthe Application navigation on the left panel, right-click the application you want to delete. 
3 Click Delete. The selected application is deleted. 
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4.1 


4.11 


Creating Login Credentials 


Novell SecureLogin allows you to enable multiple logins for single sign-on to the same application. 


Through the My Login page, you can view and edit Novell SecureLogin user data, such as usernames 
and passwords that allow you to successfully log in to an application. 


To use Novell SecureLogin to automatically log you in to an application, you must create a Login (set 
of credentials) and link it to that application. 


If you add an application that has a predefined application, you need to link the login to it. You can 
provide login variables the next time that you access the application. However, you do not need to 
add or create login for applications that you enabled for single sign-on in the following ways: 


+ If you encountered a new application through a pop-up prompt and then used the Add 
Applications wizard to enable the application. 


+ If you ran the Add Applications wizard and selected a Web Page or Windows Application 
option as the script type. 


In these two cases, the Application Definition Wizard created the login while you were adding the 
application to the single sign-on functionality. 


You can use the same login to log you in to more than one application. 


Also, if you have multiple roles, you can set up multiple logins for the same application. For example, 
you might be a network administrator as well as a user. When you log in to the network as 
administrator and then launch an application, Novell SecureLogin prompts you to select a profile. 
After you select the administrator profile, Novell SecureLogin then automatically logs you in with 
the appropriate credentials. 


Creating Login Credentials Using the Add New Login 
wizard 


+ Section 4.1.1, “Creating the Login,” on page 27 

+ Section 4.1.2, “Specifying the Credentials,” on page 28 

+ Section 4.1.3, “Linking a Login to an Application,” on page 28 

+ Section 4.1.4, “Delinking a Login from an Application,” on page 28 


Creating the Login 


1 Right-click the Novell SecureLogin © icon in the notification area, then click Manage Logins. 


Of, 


Double-click the Novell SecureLogin © icon in the notification area. 
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This launches the Novell SecureLogin Client Utility. 
2 Click My Logins > New. 
3 Specify a name or ID in the Create Login dialog box, then click OK. 


You have now successfully created a new login. Repeat Step 1 on page 27 through Step 3 on 
page 28 to create other logins. 


However, you need to specify the username and password to this login. 
Repeat Step 1 through 4 to create other logins. 


4 Continue with Section 4.1.2, 'Specifving the Credentials,' on page 28 to specify the username 
and password for this login. 


4.1.2 Specifying the Credentials 


In the previous task, you created a login. Use the following steps to specify the credentials for your 
login, 
1 Inthe My Login list in the left panel, select the login you created. The login page is displayed. 
2 Select Username, then specify the username in the adjacent text field. 


3 Select Password, then specify the password in the adjacent text field. The password is displayed 
as a series of asterisks. 


Select Show aaa , it displays the actual password, instead of a series of asterisks. 


4 Click Apply, then click OK. Your login credentials are saved. 


Repeat Step 1 on page 28 through Step 4 on page 28 to specify the credentials to other logins. 


4.1.3 Linking a Login to an Application 


To add a newly created login to an application: 


1 From My Logins, select the login that you want to link to an application. 


2 Click (ean | The Applications List window opens. 


3 Select the applications you want to link to this login. Click OK. 
4 Click Apply, then click OK. The login information is saved. 


4.1.4  Delinking a Login from an Application 


1 From My Logins, select the login that you want to delink to an application. 


2 Click i The Application List window opens. 
3 Select the applications you want to delink from the login. 
4 Click Apply, then click OK. The change is saved. 
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4.2 


4.2.1 


4.2.2 


Adding Multiple Logins 


+ Section 4.2.1, “Prerequisites,” on page 29 

+ Section 4.2.2, “Creating Another Login,” on page 29 

+ Section 4.2.3, “Viewing the Additional Login,” on page 30 
+ Section 4.2.4, “Testing the Multiple Logins,' on page 30 


Prerequisites 


+ Before you commence adding another login to an existing login, the first account must be 
enabled for single sign-on. 


+ Before you add multiple logins to the first account, we recommend that you make a list of the 
usernames, passwords, and a unique name to identify the login. 


The following is an example list: 


Table 4-1 List of Additional Logins 


Name User Name Password 
Administrator admin 123456 
Support help abcdef 
User testi xvz123 


Creating Another Login 


1 Right-click the Novell SecureLogin icon in the notification area, then select New Login. The 
SecureLogin - Add New Login wizard welcome dialog box is displayed. 


SecureLogin - Add New Login 


Welcome to the Add New Login Wizard. 
Novell : To add a new login, select the application you want to 
SecureLogin. add the login for, then click Next. 


Available applications: 


Novell Bugzilla 

Novell GroupWise Messenger Version 2.0 
Novell iManager 

Novell iManager 

NOVELL: Login 

NOVELL: Login 

user account | TWIN: Technical Writers of India 
Yahoo! Mail 

Yahoo! Messenger 
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2 Select the required application. 
3 Click Next. A page displays where you can provide a description for the login. 


SecureLogin - Add New Login 


Enter a description for this new login and then dick 
Novell A Finish. When vou next run the application, if vou 
Secure Log IN. select the new login set that vou have just created 
vou will be prompted to enter vour details to save in 
this new login set. 


Description: 


———— 


co (FEI oj 


4 Inthe Description field, specify a descriptive name for the login (for example, NSL 
Administrator). 


5 Click Finish. A page appears where vou can enter vour credentials. 

6 Inthe Username field, specifv the username. 

7 Inthe Password field, specifv the password. 

8 Specify any additional variables as required. 

9 Click OK to save your information and exit the Novell SecureLogin Client Utility. 


10 Repeat Step 1 on page 28 through Step 9 on page 30 to add anv additional logins. When vou 
have created all logins, you can view and manage them in the Novell SecureLogin Client Utility. 


4.2.3 Viewing the Additional Login 


1 Right-click the Novell SecureLogin icon in the notification area, then select New Login. The 
SecureLogin - Add New Login wizard welcome dialog box is displayed. 


2 Inthe navigation tree, select My Logins. The My Login page is displayed. 
3 Verify that the additional login is added to the My Logins pane. 
4 Click OK to close the Novell SecureLogin Client Utility. 


4.2.4 Testing the Multiple Logins 


1 Launch the application for which you added multiple logins. 


2 Select the functionality you want to access. The login selection dialog box is displayed. 
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3 Select the appropriate login credential set. 


4 Click OK. Novell SecureLogin enters the credentials and you are automatically logged in to the 
application. 
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5.1 


Changing Preferences 


The Preferences allow you to customize Novell SecureLogin. Use this option to customize Novell 
SecureLogin to function in the way you want it. 


The Administrator can also set the Novell SecureLogin user preferences in the Administrative 
Management utility. Each preferences has a default value until an alternative value is specified. 


NOTE: The preferences value set by you at the user object level overrides all higher level object 


values. 


The list of preferences is a subset of the preferences that the administrator controls through the 


Administrative Management utility. If the Administrator has disabled a setting, you cannot use it or 


change it on your workstation. 


+ Section 5.1, “Viewing and Changing the Preferences,” on page 33 

+ Section 5.2, “General Preference, Definitions, and Values,” on page 34 
+ Section 5.3, “Java Preference, Definitions, and Values,” on page 36 

+ Section 5.4, “Web Preferences, Definitions, and Values,” on page 37 


+ Section 5.5, “Windows Preferences, Definitions, and Values,” on page 38 


Viewing and Changing the Preferences 


1 Click Preference. The preference properties table is displayed. 


2 Select the setting you want to customize. You can change the preferences for the following 
settings: 


+ “General Preference, Definitions, and Values” on page 34 

+ “Java Preference, Definitions, and Values” on page 36 

+ “Web Preferences, Definitions, and Values” on page 37 

+ “Windows Preferences, Definitions, and Values” on page 38 
3 From the drop-down list in the Value column, select the appropriate value. 
4 Click OK. 
5 Click Yes to save the settings and exit. 
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Figure 5-1 The User Preferences 


C l 
P Novell SecurelLogin, 


=|] Applications 
+ fa Web 
+ (A Windows 
+ My Logins 
= 


‘fg General 


y Java 
> Web 
{ Windows 
[2 Password Policies 


5.2 General Preference, Definitions, and Values 
Table 5-1 The General Preferences Properties Table 


Possible 


Preference Description Default Value 
Values 

Detect incorrect Yes/No/Default Predefined applications generally include The default value is 

passwords commands to respond to incorrect password Yes. 


dialogs. This preference enables SecureLogin to 
respond to incorrect passwords for web 
applications. 


If this option is set to Yes or Default, incorrect 
passwords for Web applications are detected. 


If this option is set to No, incorrect passwords for 
Web applications are not detected. 


This preference is available in both the Novell 
SecureLogin Client Utility and the administrative 
management utilities (iManager, SLManager, and 
MMC snap-ins). 


Enable cache file  Yes/NolDefault This preference controls creating and updating ofa The default value is 
SecureLogin cache file on the local workstation. Yes. 
The cache file stores all user configuration data; 
local and inherited. 


Set this option to Yes for mobile users. 


If this option is set to No, you cannot store files 
locally or you might have some conflicts with 
organizational security policy. 


If this option is set to Default, Novell SecureLogin 
behaves as if it is set to Yes. 


This preference is available in both the Novell 
SecureLogin Client Utility and the administrative 
management utilities (Manager, SLManager, and 
MMC snap-ins). 


34 Novell SecureLogin User Guide 


Possible 


Preference 
Values 


Enter API license Specify API 
kev(s) license kev(s) 


Password protect Yes/No/Default 
the system tray 
icon 


Provide API Yes/No/Default 
Access 


Set the cache 5 
refresh interval (in 
minutes) 


Description Default Value 


Specify the API license key(s) provided by Novell Specify the API 
SecureLogin to activate the API functionality for an license key 
application. 


You can add more than one API license key. 


This preference restricts the users from accessing The default value is 
the Novell SecureLogin icon menu option (from the No. 

notification area (system tray) without their network 

login password. 


If this option is set to Yes, the Novell SecureLogin 
icon on the notification area (system tray) is 
password protected. 


If this option is set to No or Default, the Novell 
SecureLogin icon on the notification area (system 
tray) is not password protected. 


This preference is available in both the Novell 
SecureLogin Client Utility and the administrative 
management utilities (iManager, SLManager, and 
MMC snap-ins). 


This preference controls the API functionality use. The default value is 


No. 
If this option is set to Yes, the API access is 


enabled. 


If this option is set to No or Default, the API access 
is disabled. 


This preference is available in both the Novell 
SecureLogin Client Utility and the administrative 
management utilities (iManager, SLManager, and 
MMC snap-ins). 


This preference defines the time in minutes the The default value is 
synchronization of user data and directory onthe set to 5 minutes. 
local workstation. 


However, depending on the network traffic and the 
number of users the interval can be set between 
240 minutes and 480 minutes (four and eight 
hours). 


This preference is available in both the Novell 
SecureLogin Client Utility and the administrative 
management utilities (iManager, SLManager, and 
MMC snap-ins). 
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5.3 Java Preference, Definitions, and Values 


Table 5-2 The Java Preferences Properties Table 


Preference Possible Values Description Default Value 
Add application Yes/No/Default This preference controls whether Novell The default 
prompts for Java SecureLogin detects Java application. value is No. 
applications 


If the preference is set to Yes or Default, as soon 
as Novell SecureLogin detects a Java application 
login page, it prompts the user to record it. 


If this option is set to No, this process never 
occurs, only Java predefined applications are 
prompted and supported. 


This preference is available in both the Novell 
SecureLogin Client Utility and all the 
administrative management utilities (iManager, 
SLManager, and MMC snap-ins). 


Allow single sign-on Yes/No/Default This preference controls whether Novell The default 
to Java applications SecureLogin allows single sign-on for Java value is Yes. 
applications. 


If the preference is set to Yes or Default, as soon 
as Novell SecureLogin detects a Java application 
login page, it prompts the user to enable it for 
single sign-on. 


If this option is set to No, Java applications are 
not enabled for single sign-on. 


This preference is available in both the Novell 
SecureLogin Client Utility and all the 
administrative management utilities (iManager, 
SLManager, and MMC snap-ins). 
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5.4 Web Preferences, Definitions, and Values 


Table 5-3 The Web Preferences Properties Table 


Preference 


Add application 
prompts for Internet 
Explorer 


Add application 
prompts for Mozilla 
Firefox 


Allow single sign-on 
to Internet Explorer 


Possible Values 


Yes/No/Default 


Yes/No/Default 


Yes/No/Default 


Description 


This preference controls the display of the Web 
login detection wizard and confirmation dialog 
box when a Web application is detected and 
recognized by Internet Explorer. 


If you select Yes or Default, the specified 
credentials are saved and the application is 
enabled for single sign-on. 


If you select No, Novell SecureLogin skips 
enabling the application for single sign-on on this 
instance. You are prompted to enable the 
application when you launch it the next time. 


This preference is available in both the Novell 
SecureLogin Client Utility and all the 
administrative management utilities (iManager, 
SLManager, and MMC snap-ins). 


This preference controls the display of Web login 
detection wizard and confirmation dialog box 
when a Web application is detected and 
recognized by Mozilla Firefox. 


If you select Yes or Default the specified 
credentials are saved and the application is 
enabled for single sign-on. 


If you select No, Novell SecureLogin skips 
enabling the application for single sign-on on this 
instance. You are prompted to enable the 
application when you launch it the next time. 


This preference is available in both the Novell 
SecureLogin Client Utility and all the 
administrative management utilities (iManager, 
SLManager, and MMC snap-ins). 


This preference defines single sign-on access to 
Web application using Internet Explorer. 


If you select Yes or Default the specified 
credentials are saved and the application is 
enabled for single sign-on. 


If you select No, Novell SecureLogin skips 
enabling the application for single sign-on on this 
instance. You are prompted to enable the 
application when you launch it the next time. 


This preference is available in both the Novell 
SecureLogin Client Utility and all the 
administrative management utilities (iManager, 
SLManager, and MMC snap-ins). 


Default Value 


The default 
value is Yes. 


The default 
value is Yes. 


The default 
value is Yes. 
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Preference Possible Values Description Default Value 


Allow single sign-on Yes/No/Default This preference defines single sign-on access to The default 
Mozilla Firefox Web application using Mozilla Firefox. value is Yes. 


If you select Yes or Default the specified 
credentials are saved and the application is 
enabled for single sign-on. 


If you select No, Novell SecureLogin skips 
enabling the application for single sign-on on this 
instance. You are prompted to enable the 
application when you launch it the next time. 


This preference is available in both the Novell 
SecureLogin Client Utility and all the 
administrative management utilities (iManager, 
SLManager, and MMC snap-ins). 


5.5 Windows Preferences, Definitions, and Values 


Table 5-4 The Windows Preferences Properties Table 


Preference Possible Values Description Default Value 
Add application Yes/No/Default This preference controls the display of a Windows The default 
prompts for login detection and confirmation message when a value is Yes. 
Windows Windows application is detected and recognized. 

applications 


If you select Yes or Default, the specified 
credentials are saved and the application is 
enabled for single sign-on. 


If you select No, Novell SecureLogin skips 
enabling the application for single sign-on on this 
instance. You are prompted to enable the 
application when you launch it the next time. 


This preference is available in both the Novell 
SecureLogin Client Utility and all the 
administrative management utilities (iManager, 
SLManager, and MMC snap-ins). 
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Preference Possible Values 


Allow single sign-on Yes/No/Default 
to Windows 
applications 


Description Default Value 


This preference controls the display of Windows The default 
login detection wizard and confirmation dialog value is Yes. 
box when a Windows application is detected and 

recognized by Mozilla Firefox. 


If you select Yes or Default the specified 
credentials are saved and the application is 
enabled for single sign-on. 


If you select No, Novell SecureLogin skips 
enabling the application for single sign-on on this 
instance. You are prompted to enable the 
application when you launch it the next time. 


This preference is available in both the Novell 
SecureLogin Client Utility and all the 
administrative management utilities (iManager, 
SLManager, and MMC snap-ins). 
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Managing Your Passwords 


Novell SecureLogin provides the password policy functionality to enable you to effectively and 
efficiently manage your password. 


Organizations and applications often have rules about the content of passwords, such as the required 
number of characters and type of characters. The Password Policies option in Novell SecureLogin 
Novell SecureLogin Client Utility provides functionality to create and enforce these password rules 
through a Password policy, and apply this policy to one or more application logins. 


+ Section 6.1, “Creating a Password Policy,” on page 41 
+ Section 6.2, “Editing a Password Policy,” on page 45 
+ Section 6.3, “Deleting a Password Policy,” on page 46 


6.1 Creating a Password Policy 
1 Double-click the Novell SecureLogin icon in the notification area. 
2 Click Password Policies, then click [Enen] The New Password Policy dialog box is displayed. 


New password policy 


Enter a name for the new password policy 


m 


3 Specify a name for your password policy, then click OK. 


You have now successfully created a new password policy, but you need to set your preferences 
for the password policy. These preferences are unique to you and are enforced on your 
workstation. 


4 Inthe Password Policies navigation area, select the password policy you want to edit. 


5 You can view and change the following settings: 
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Policy 


Minimum length 


Maximum length 


Minimum punctuation characters 


Maximum punctuation characters 


Minimum uppercase characters 


Maximum uppercase characters 


Minimum lowercase characters 


Maximum lowercase characters 


Minimum numeric characters 


Maximum numeric characters 


Disallow repeat characters 
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Value To Be provided 


Whole number 


Whole number 


Punctuation characters 


Punctuation characters 


Whole number 


Whole number 


Whole number 


Whole number 


Whole number 


Whole number 


NolYeslYes, case 
insensitive 


Description 


Defines the minimum length of the 
password; that is, the number of characters 
required for the password. 


Defines the maximum length of the 
password; that is, the maximum number of 
characters allowed in password. 


Defines the minimum number of 
punctuation characters allowed in a 
password. 


Defines the maximum number of 
punctuation characters allowed in a 
password. 


Defines the minimum number of uppercase 
characters allowed in a password. 


Defines the maximum number of uppercase 
characters allowed in a password. 


Defines the minimum number of lowercase 
characters allowed in a password. 


Defines the maximum number of lowercase 
characters allowed in a password. 


Defines the minimum number of numeric 
characters allowed in a password. 


Defines the maximum number of numeric 
characters allowed in a password. 


Disallows the use of repeated characters, 
or the use of the same successive 
characters. 


If this option is set to No, characters can be 
repeated. This is the default value. 


If this option is set to Yes, same alphabetic 
characters in a different case are 
considered as different characters. For 
example, À and a are different. 


If this option is set to Yes, case insensitive, 
the successive use of the same alphabetic 
characters in a different case is not allowed. 


Policy Value To Be provided 


Disallow duplicate characters NolYeslYes, case 
insensitive 

Disallow sequential characters NolYeslYes, case 
insensitive 

Begin with an uppercase NolYes 

character 


End with an uppercase character No/Yes 


Description 


Disallows the use of the same non- 
successive characters. 


If this option is set to No, duplicate 
characters are allowed. This is the default 
value. 


If this option is set to Yes, the same 
alphabetic characters in a different case are 
considered as different characters. For 
example, À (uppercase) and a (lowercase) 
are different. 


If this option is set to Yes, case insensitive, 
duplication of the same alphabetic 
characters in a different case is not allowed. 


Disallows the use of successive characters 
in alphabetical order. 


If this option is set to No, sequential 
characters are allowed. This is the default 
value. 


If this option is set to Yes, sequential 
characters in a different case are 
considered as non-sequential. For 
example, a and B are non-sequential. 


If this option is set to Yes, case insensitive, 
sequential characters in different cases are 
disallowed. 


Enforces the use of an uppercase 
alphabetic character as the beginning 
character of a password. 


The default value is No. 


If this option is set to Yes, all other policies 
that indicate that a password must begin 
with a particular character or in a specific 
manner are disabled. 


IMPORTANT: Oniv one tvpe of character 
can be designated as the first value of a 
password. 


Enforces the use of an uppercase letter at 
the end of a password. 


The default value is No. 


If this option is set to Yes, all other policies 
that indicate that a password must end with 
a particular character or in a specific 
manner are disabled. 
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Policv 


Prohibited characters 


Begin with anv Alpha character 


Begin with anv number 


Begin with anv svmbol 


End with anv Alpha character 


End with anv number 
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Value To Be provided 


Kevboard characters 


No/ves 


NolYes 


NolYes 


NolYes 


NolYes 


Description 


Defines a list of characters that cannot be 
used in a password. 


NOTE: There is no need of a separator in 
the list of prohibited characters. For 
example, @#$%&* 


Enforces the use of an alphabetic character 
at the beginning of a password. 


The default value is No. 


If this option is set to Yes, it automatically 
disables all other policies that specify what 
the first character of the password should 
be. 


Enforces the use of a numeric character as 
the first character of the password. 


The default value is No. 


If this option is set to Yes, it automatically 
disables all other policies that specify what 
the first character of the password should 
be. 


Enforces the use of a symbol character as 
the first character of the password. 


The default value is No. 


If this option is set to Yes, it automatically 
disables all other policies that specify what 
the first character of the password should 
be. 


Enforces the use of an alphabetic character 
as the last character of the password. 


The default value is No. 


If this option is set to Yes, it automatically 
disables all other policies that specify what 
the password should end with. 


Enforces the use of a numeric character as 
the last character of the password. 


The default value is No. 


If this option is set to Yes, it automatically 
disables all other policies that specify what 
the password should end with. 


Policy Value To Be provided Description 


End with any symbol NolYes Enforces the use of a symbol character as 
the last character of the password. 


The default value is No. 


If this option is set to Yes, it automatically 
disables all other policies that specifv what 
the password should end with. 


6 Click Apply. The settings are saved. 


6.2 Editing a Password Policy 


To edit an existing password policy settings: 


1 Double-click the Novell SecureLogin icon in the notification area. 


2 Inthe Password Policies navigation area, select the password policy you want to edit. The settings 


of the selected password policy are displayed. 
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' Novell SSO 


>P 
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Password Policy - 'mv-password-policv' 


Minimum length 
Maximum length 

Minimum punctuation characters 

Maximum punctuation characters 

Minimum uppercase characters 

Maximum uppercase characters 

Minimum lowercase characters 

Maximum lowercase characters 

Minimum numeric characters 

Maximum numeric characters 

Disallow repeated characters No 
Disallow duplicate characters No 
Disallow sequential characters No 
Begin with an uppercase character No 
End with an uppercase character No 
Prohibited characters 

Begin with any alpha character No 
Begin with any number No 
Begin with any symbol No 
End with any alpha character No 
End with any number No 
End with any symbol No 


7 | coe | mv | 


=-[3 Password Policies 


Bf mv-password-policv 


3 Select the setting you want to change. 


4 Inthe adjacent column, change the value of the settings as required. Refer to Section 6.1, 
“Creating a Password Policy,” on page 41 for the setting options and their descriptions. 


5 Click Apply. 


6.3 Deleting a Password Policy 


1 Double-click the Novell SecureLogin icon in the notification area. 


2 Inthe Password Policies navigation area, right-click the password policy you want to delete, then 
click Delete. 
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7.1 


Managing Information Cache 


Use the Advanced menu to change vour information cache to refresh the cache, back up and restore 
information, and work online or offline. 


Figure 7-1 The Advanced Menu 


Add Application 


Manage Logins 
New Login 
Change Preferences 
Change Passphrase Act 
Refresh Cache ri 
| About 
Backup User Information 


Restore User Information 
Work Offiine 


Log Off User 
Close 


+ Section 7.1, 'Refreshing the Cache,” on page 47 
+ Section 7.2, “Backing Up User Information,” on page 48 
+ Section 7.3, 'Restoring User Information,” on page 49 


+ Section 7.4, “Working Online and Working Offline,” on page 51 


Refreshing the Cache 


The Novell SecureLogin cache is encrypted local copy of Novell SecureLogin data. It allows users 
who are not connected to the network, for example, if they are working offline or using a laptop, to 
continue using Novell SecureLogin even if the directory is unavailable. 


By default, a cache file is created on the workstation as part of the Novell SecureLogin installation. 
The cache file stores your data locally and is synchronized regularly with your data in the directory. 


The directory and workstation caches are synchronized regularly, by default every five minutes. 


To refresh the cache manually: 


1 Right-click the Novell SecureLogin &Zicon in the notification area, then select Advanced > Refresh 
Cache. 


The cache is refreshed and it is synchronized with the cache in the directory. 
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7.2 Backing Up User Information 


Because SecureLogin data is stored in the directory, existing directory backups also back up Novell 
SecureLogin data. In addition, the local cache synchronizes with the directory for further redundancy 


of data. 


Backing up or restoring by using the SecureLogin menu options is typically performed by users who 
have been disconnected from the network for long periods of time, such as weeks or months. 


To create a backup file: 


1 In the notification area, right-click the Novell SecureLogin icon, then select Advanced > Backup 
User Information. The Save Settings dialog box is displayed. 


Change Passphrase 
Refresh Cache 

Restore User Information 
Work Offline 


2 Select a folder where you want to store the backup file. 


The file can be stored in any location. 


Save As 


Save in: | © SecureLogin Ñ 


(Cslomoz_1_5 


My Network Save as type: [XML Document ('.esx) xl 


Places 


3 Inthe File name field, specify a name for the backup file. 
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4 Click Save. The Password dialog box is displayed. 


Password 


Please enter a password (minimum 8 characters) 


Password 


5 Inthe Password field, specify a password. 
6 Click OK. 


The encrypted and password-protected backup file is saved, and a confirmation message 
appears. 


SecureLogin 


SecureLogin data has been saved. 


1 Active Passphrase Question 
5 Preferences 

0 Passphrase Questions 

0 Password Policies 


1 Passphrase Policy 

22 Applications 

25 Application Preferences 
40 Logins 

34 Linked Logins 

99 Credentials 


7 Click OK. 


7.3 Restoring User Information 


IMPORTANT: Before restoring the backup file, you must delete the cache file on the workstation. 


7.3.1 Deleting the Workstation Cache 


1 Right-click the Windows Start button, then click Explore. 
2 Browse to the following directory: 
C:\Documents and Settings\[user]\Application Data\SecureLogin\Cache 


Ensure that you have selected Show hidden files and folders in the Windows Folder Options dialog 
box. 


3 Delete the cache directory. 
4 Close Windows Explorer. 
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7.3.2 Restoring the Backup File 


To restore the user information from the local cache backup file: 


1 Inthe notification area, right-click the Novell SecureLogin icon, then select Advanced > 
Restore User Information. The Load Settings dialog box is displayed. 


Look in: (EB SecureLogin Ñ - © eż Er 
2 (Csiomoz 15 
Test es 


My Recent 
Documents 


a 


[XML Document ('.esx) vi 


T" Open as read-only 


2 Select the backup file. 
3 Click Open. The Password dialog box is displayed. 


Password fx) 
Please enter password 


Password | 


OK Cancel 


4 Inthe Password field, specify the password. 
5 Click OK. 


A message appears, confirming that cache data has been loaded to the local workstation cache. 
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SecureLogin 


SecureLogin data has been loaded. 


1 Active Passphrase Question 
1 Preference 

0 Passphrase Questions 

0 Password Policies 

1 Passphrase Policy 

16 Applications 

18 Application Preferences 
40 Logins 

34 Linked Logins 

99 Credentials 


6 Click OK. 


Working Online and Working Offline 


The Work Offline option stops the synchronization process with the directory, so Novell SecureLogin 
relies only on its local cache file or equivalent smart card. 


If this option is set to Yes in the Administrative Management utility by the administrator, the Work 
Offline option is not displayed on the notification area icon. 


Novell SecureLogin detects if it is online or offline and adapts its behavior accordingly. 


If this option is set to either No or Default, the Work Offline option is displayed and accessible in on the 
notification area icon. 


To work offline: 


1 In the notification area, right-click the Novell SecureLogin icon, then select Advanced > Work 
Offline. 


The synchronization process with the directory stops. 


To work online: 


1 In the notification area, right-click the Novell SecureLogin icon, then select Advanced > Work 
Online. 


You are now working online and the synchronization with the directory is active. 
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Managing the Passphrase 


Passphrases are an important security component in the implementation of Novell SecureLogin. 
Passphrases are unique question and answer combinations created to verify and authenticate the 
identity of a user. In a directory environment, you can create passphrase questions for users. Users 
can select one of these questions and provide an answer for it. You can also permit users to provide a 
question of their choice and the answer for it. 


Passphrases protect user credentials from unauthorized use. For example, in a Microsoft Active 
Directory environment, you can potentially log in to the network by resetting the user's network 
password. 


However, this cannot happen when you are using Novell SecureLogin. If someone other than the 
actual users tries to reset the network password, Novell SecureLogin triggers the passphrase 
question. The user must provide the correct answer before successfully logging in. Even an 
administrator cannot access the user’s single sign-on-enabled applications without knowing the 
user’s passphrase answer. 


NOTE 


In a Microsoft Windows Vista environment, when you log in to Novell SecureLogin in an offline 
mode with an incorrect password, you are prompted to provide the passphrase answer. If an 
incorrect passphrase answer is specified, you are prompted to retry the authentication. 


However, if you again provide a wrong password, instead of seeing a prompt for the passphrase 
answer, you are prompted to specify the password (that is, instead of the passphrase dialog box, the 
password dialog box is displayed). 


Close and relaunch Novell SecureLogin to be prompted for the password first, then prompted for the 
passphrase answer if the incorrect password is specified. 


Creating a Passphrase 


The first time log in to your workstation and launch Novell SecureLogin, you are prompted to set up 
your passphrase question and answer. 


If you have installed Novell SecureLogin in LDAP GINA mode with eDirectory, Novell SecureLogin 
does not work while setting a passphrase for a new user if the eDirectory user’s fully distinguished 
name (FDN) has 128 characters or more. 


1 The Passphrase Setup dialog box is displayed. 
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If you need to access your single sign-on details when you are not connected 
to the network or if your password is ever reset, SecureLogin will ask you a 
passphrase question. You must then enter your passphrase answer. 


1. Select or enter a passphrase question. 
2. Enter and confirm a passphrase answer. 


Enter an obscure answer so that no one is likely to guess it. 


If your administrator has defined a set to question, you must select one of the questions and 
specify your answer. 


In the Enter a question field, select or specify a passphrase question. 
In the Enter the answer field, specify the new passphrase answer. 


In the Confirm the answer field, retype the new passphrase answer. 
Click OK. The changes are saved. 


ao BB © N 


NOTE: You are re-prompted for the passphrase answer in the following situations: 


¢ If your administrator has changed the Security preference from Hidden to Yes, you are promoted 
to re-enter your passphrase question and answer. 


+ If you have logged in through the Workstation only when; 
¢ The eDirectory™ and workstation passwords are different 


and 


+ HKLM/SOftware/Protocom/ SecureLoginNTrvRegcredinoffline is set to 1 


Specify your passphrase again (after the initial set up) to continue with the login. 
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8.2 Changing a Passphrase 


Passphrases protect your credentials from unauthorized use. For example, in an Active Directory 
environment, you can potentially log in to the network by resetting the user's network password. You 
can avoid such occurrences by using a passphrase. 


However, this cannot happen if you are using a Novell SecureLogin passphrase. If someone other 
than the actual user tries to reset the network, Novell SecureLogin triggers the passphrase question. 
The user must provide the correct answer before successfully logging in. 


Even an administrator cannot access the user's single sign-on-enabled applications without knowing 
the user’s passphrase answer. 


1 Right-click the Novell SecureLogin icon in the notification area, then select Advanced > Change 
Passphrase. The Passphrase dialog box is displayed. 


Y SecureLogin 


ff” Novell : 
BY SecureLogin 


ZT 


Name your place of birth 


2 Specify the existing passphrase response in the field. 
3 Click OK. The Passphrase Setup dialog box is displayed. 
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If you need to access your single sign-on details when you are not connected 
to the network or if your password is ever reset, SecureLogin will ask you a 
passphrase question. You must then enter your passphrase answer. 


1. Select or enter a passphrase question. 
2. Enter and confirm a passphrase answer. 


Enter an obscure answer so that no one is likely to quess it. 


4 Inthe Enter a question field, select or specify a passphrase question. 
5 Inthe Enter the answer field, specify the new passphrase answer. 


6 Inthe Confirm the answer field, retype the new passphrase answer. 
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If you need to access your single sign-on details when you are not connected 
to the network or if your password is ever reset, SecureLogin will ask you a 
passphrase question. You must then enter your passphrase answer. 


1. Select or enter a passphrase question. 
2. Enter and confirm a passphrase answer. 


Enter an obscure answer so that no one is likely to quess it. 


Enter a question: 


| Who is your favorite poet? -| 


DE 


Enter the answer: 


7 Click OK. The changes are saved. 


NOTE: If you do not have access to the Novell SecureLogin icon in the notification area, vou 
cannot change your passphrase answer. You administrator has disabled access to the Novell 
SecureLogin icon in the notification area. 
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